Ask HN: Who else got hit by the Next.js RCE?
4 points • by whycombinetor • 7 months ago
I'm a little embarrassed, but not sure what I could have done differently other than reading the Saturday email from GCP with the nondescript subject "New Advisory Notification". Ten hours later, GCP instance suspended due to crypto mining. Now looking at the disk image, it installed something at ~/nxt/, installed a monero miner at ~/c3pool/, and added several systemctl services to run these on startup. BRB, killing this machine with fire... This makes me think I should be running *everything* in Docker, even simple small stuff that "shouldn't" have any potential security issues.

Fortunately this machine wasn't anything important for me and there was no sensitive data to exfil beyond AI API keys. But I imagine there are other orgs that just got catastrophically, irrecoverably pwned.

What's your story?

(RCE context: https://news.ycombinator.com/item?id=46136026 )
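The persistence the post describes (systemd services that launch binaries from ~/nxt/ and ~/c3pool/ at boot) is cheap to triage for on a suspect host. The helper below is an added example, not the poster's code; the directory names come from the post, while the unit names, binary names and user account in the constructed samples are assumptions.

```python
"""Triage helper: flag systemd units whose ExecStart runs from a home directory.

Added example (not from the HN post). Only /nxt/ and /c3pool/ are taken from
the post; the sample unit names, binaries and the /home/app user are assumed.
"""
import re
from pathlib import Path
from typing import Dict, List, Optional

# Directory names the poster found on the compromised disk image.
SUSPECT_DIRS = ("/nxt/", "/c3pool/")

def exec_start_of(unit_text: str) -> Optional[str]:
    """Return the ExecStart command of a unit file, or None if it has none."""
    m = re.search(r"^ExecStart=(.+)$", unit_text, re.MULTILINE)
    # Strip systemd's optional ExecStart prefixes (-, @, :, +, !).
    return m.group(1).strip().lstrip("-@:+!") if m else None

def is_suspicious(unit_text: str) -> bool:
    """True when the unit runs a binary from a user home or a dir named in the post."""
    cmd = exec_start_of(unit_text)
    if cmd is None:
        return False
    from_home = cmd.startswith(("/home/", "/root/"))
    return from_home or any(d in cmd for d in SUSPECT_DIRS)

def scan_units(units: Dict[str, str]) -> List[str]:
    """Return the sorted names of units whose ExecStart looks suspicious."""
    return sorted(name for name, text in units.items() if is_suspicious(text))

def scan_dir(path: str = "/etc/systemd/system") -> List[str]:
    """Scan real *.service files under a systemd unit directory on a host."""
    files = Path(path).glob("*.service")
    return scan_units({f.name: f.read_text(errors="replace") for f in files})

# Constructed sample units, not real captures from the poster's machine.
SAMPLE_UNITS = {
    "nxt.service": "[Service]\nExecStart=/home/app/nxt/run.sh\n[Install]\nWantedBy=multi-user.target\n",
    "c3pool.service": "[Service]\nExecStart=-/home/app/c3pool/miner\nRestart=always\n",
    "nginx.service": "[Service]\nExecStart=/usr/sbin/nginx -g 'daemon on;'\n",
}

if __name__ == "__main__":
    print("suspicious units:", scan_units(SAMPLE_UNITS))  # prints nxt.service and c3pool.service
```

`scan_dir()` runs the same check against a mounted disk image, e.g. `scan_dir("/mnt/image/etc/systemd/system")`.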